The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault. The Sysinternals Suite is a bundle of several Sysinternals Utilies like AccessChk, Autologon, Ctrl2Cap, DiskView, Disk Usage (DU), LogonSessions, PageDefrag, ProcessExplorer, PsLogList, PsPasswd, RegMon, RootkitRevealer, TCPView, VMMap, ZoomIt.
Sysinternals Suite 2017.02.17 changelog:
- Sysmon v6 - This release of Sysmon, a background monitor that records activity to the event log for use in security incident detection and forensics, introduces an option that displays event schema, adds an event for Sysmon configuration changes, interprets and displays registry paths in their common format, and adds named pipe create and connection events (thanks to Giulia Biagini for the contribution). Check out the related presentation from Mark’s RSA Conference, “How to Go From Responding to Hunting with Sysinternals Sysmon.”
- Autoruns v13.7 - Autoruns, an autostart entry point management utility, now reports print providers, registrations in the WMI\Default namespace, fixes a KnownDLLs enumeration bug, and has improved toolbar usability on high-DPI displays.
- AccessChk v6.1 - This update to AccessChk, a command-line utility that shows effective and actual permissions for file, registry, service, process object manager, and event logs, now reports Windows 10 process trust access control entries and token security attributes.
- Process Monitor v3.32 - This update of Process Monitor, a file system registry, process and network real-time monitor, adds an option to display process and thread IDs in hexadecimal format, and includes improved toolbar usability on high-DPI displays. It also includes drivers signed to be compatible with the driver signing policy in recent releases of Windows 10.
- Process Explorer v16.2 - The latest release of Process Explorer, a powerful process management and diagnostic utility, fixes a bug listing Wow64 thread stacks, and includes improved toolbar usability on high-DPI displays. It also includes drivers signed to be compatible with the driver signing policy in recent releases of Windows 10.
- LiveKd v5.61 - This release of LiveKd, a live-system kernel debugger and dump generator, includes drivers signed to be compatible with the driver signing policy in recent releases of Windows 10.
- BgInfo v4.21 - This update to BgInfo, a utility that adds system information to the desktop background, fixes a bug that prevented the standalone 64-bit version from working.